DigitalOcean
This section describes how to onboard and deploy Reblaze via the DigitalOcean Marketplace.
This guide will walk you through the process from the first access of the marketplace until Reblaze is successfully deployed and protecting your website. We offer our help at any step of the process at support@reblaze.com.
Before doing your first deployment, we suggest that you watch these videos to better understand the onboarding and deployment process.
Description
The Reblaze WAF/IPS (Web Application Firewall/Intrusion Prevention System) uses a multivariate approach and leverages a variety of techniques to accurately identify and block malicious traffic. These include Application Whitelisting, Behavioural Analysis, Blacklisting, Fine-grained ACL (access-control list) and Machine Learning.
Reblaze acts as a reverse proxy and forwards the traffic to your website after analyzing and scrubbing it from hostile traffic.
Although you can use an external IP address as the traffic origin, it is highly recommended for both security and performance to have the originating IP address within the internal Virtual Private Cloud (VPC).
For best scalability, performance and security we recommend deploying Reblaze behind a load balancer using the TAG method for adding droplets. This allows you add/remove instances as needed. The Reblaze license is passed to the droplet at boot, using the user data feature in droplet creation.
This setup process assumes that you have a Digital Ocean account and that you have created the base project that will include your application components and Reblaze WAF. If you do not have a DigitalOcean account, sign up for one at https://www.digitalocean.com/ and create a project.
The process for onboarding Reblaze in DigitalOcean includes the following steps:
Last steps
Route your traffic to the load balancer
At this point, your deployment and setup are complete. Now you should test if your website works correctly when routing traffic to the Reblaze deployment. Perform offline testing by modifying your hosts file to point your website to the new load balancer. If you see that you are returned to your website, routing via Reblaze is working correctly.
The last remaining step is to route your traffic to the load balancer, which will send it to your Reblaze instance(s). Reblaze will scrub the traffic and forward it on to your servers. To setup this routing, set your DNS record to the IP address that is resolved from the load balancer DNS Name. The IP address is found in DigitalOcean on the Networking > Load Balancer page.
Activate Reblaze traffic filtering
Initially, Reblaze is setup for report-only mode. Assuming that this option was not changed, then Reblaze is not yet filtering your traffic; it is merely reporting on what it would have filtered had it been set up in active mode. This gives you an opportunity to fine-tune Reblaze’s configuration before any of your traffic is actually affected. When you are comfortable with the reporting results, move the application to Active mode and publish the change, as described in Configure the Reblaze Platform.
Going Forward: Customizing Reblaze
As you might notice from looking through the interface, the Reblaze web security platform is both powerful and highly customizable, with the ability to be fine-tuned for your specific needs. However, it is beyond the scope of this document to describe this customization process. Furthermore, a full and correct customization is often rather daunting for new users.
For more information on using Reblaze, see the user manual at https://gb.docs.reblaze.com/.
We at Reblaze Technologies want you to have the best experience possible with the platform, so that you will enjoy the full benefits of comprehensive, intelligent, and effortless web security. Therefore, please feel free to contact support at support@reblaze.com, for further one- on-one assistance in setting up your deployment. We’re available 24 hours per day to assist you.
Last updated